1.5 Million Health Files Breached in Singapore

Hackers have successfully retrieved a health database of the Singapore government (SingHealth), letting them see the health files of 1.5 million people, including the health files of Prime Minister Lee Hsien Loong.

Access to the databank was gained via a front-end workstation which offered the attackers with favored access to the databank. The data breach was noticed on July 4, 2018 when doubtful activity linking to the databank was seen, even though an inquiry into the data breach showed access was first gained a week earlier on June 27. Between June 27 and July 4, some of the information in the databank was downloaded and copied by the attackers.

A statement concerning the breach was released by the Singapore Ministry of Health verifying that roughly 1.5 million people were impacted by the breach. Those people had gone to outpatient clinics and polyclinics in Singapore between May 1, 2016 and July 4, 2018.

Had the attack not been obstructed on July 4, further data might have been exfiltrated. Attempts to access the SingHealth databank carried on after access had been obstructed. The breach was restricted to one SingHealth databank. No other public healthcare IT system was undermined.

The information that was exfiltrated was restricted to names, dates of birth, NRIC numbers, addresses, and details of the sex and race of each patient. Details of the medicines that were given out to 160,000 patients at outpatient health centers were also downloaded by the attackers.

As per the Cyber Security Agency of Singapore (CSA), this was “an intentional, targeted and well-organized cyberattack. It was not the work of criminal gangs or casual hackers.” Further, this cyberattack involved repetitive efforts to gain access to Prime Minister Lee Hsien Loong’s private health records and details of his outpatient medicines.

The Singapore Ministry of Health has ordered the Integrated Health Information System (IHiS) to carry out a detailed analysis of the public healthcare system including plans, threat management procedures, IT control systems, and staff proficiencies. Third-party cybersecurity specialists are helping IHiS and cyber threat safety measures are being increased to avoid more attempts to gain access to patient data. Other controls are also being applied to make sure that any further breach is quickly noticed and alleviated.